Pettersson, John

Wästlund, Erik

Karlstad University, Faculty of Arts and Social Sciences (starting 2013), Service Research Center. ORCID iD: 0000-0001-8102-8168

2016 (English). In: Proceedings of the International Symposium on Human Aspects of Information Security & Assurance, 2016. Conference paper, Published paper (Refereed)

Abstract [en]

In this paper, we discuss end user requirements that we elicited for the use of malleable signatures in a Cloud-based eHealth scenario. The concept of a malleable signature, which is a privacy enhancing cryptographic scheme that enables the redaction of personal information from signed documents while preserving the validity of the signature, might be counter-intuitive to end users as its functionality does not correspond to that of a traditional signature scheme. A qualitative study via a series of semi-structured interviews and focus groups has been conducted to understand stakeholders’ opinions and concerns with regard to the possible applications of malleable signatures in the eHealth area, where a medical record is first digitally signed by a doctor and later redacted by the patient in the cloud. Results from this study yielded user requirements such as the need for suitable metaphors and guidelines, usable templates, and clear redaction policies.